CppCon 2017: Kostya Serebryany “Fuzz or lose...”

Fuzz or lose: why and how to make fuzzing a standard practice for C++

http://CppCon.org
—
Presentation Slides, PDFs, Source Code and other presenter materials are available at: https://github.com/CppCon/CppCon2017
—
Fuzzing is a family of testing techniques in which test inputs are generated semi-randomly. The memory unsafety of C++ has made fuzzing a popular tool among security researchers. Fuzzing also helps with stability, performance, and equivalence testing; and it’s a great addition to everyone’s CI.

Our team has launched OSS-Fuzz, the Google's continuous fuzzing service for open source software, and a similar service for our internal C++ developers. Over 1000 C++ APIs are being fuzzed automatically 24/7, and thousands of bugs have been found and fixed.

Now we want to share this experience with the wider C++ community and make fuzzing a part of everyone’s toolbox, alongside unit tests. We will demonstrate how you can fuzz your C++ library with minimal effort, discuss fuzzing of highly structured inputs, and speculate on potential fuzzing-related improvements to C++.
—
Kostya Serebryany: Google, Software Engineer

Websiteresearch.google.com/pubs/KonstantinSerebryany.html
Konstantin (Kostya) Serebryany is a Software Engineer at Google. His team develops and deploys dynamic testing tools, such as AddressSanitizer and ThreadSanitizer. Prior to joining Google in 2007, Konstantin spent 4 years at Elbrus/MCST working for Sun compiler lab and then 3 years at Intel Compiler Lab. Konstantin holds a PhD from mesi.ru and a Master from msu.ru.
—
Videos Filmed & Edited by Bash Films: http://www.BashFilms.com

*-----*
Register Now For CppCon 2022: https://cppcon.org/registration/
*-----*